270 likes | 381 Views
Securing Information Transfer in Distributed Computing Environments. AbdulRahman A. Namankani. What does it mean? Identity Information Identity Trust Domain Security Analysis Security Requirement A suggestive solution Conclusion. Out Line. What does it mean?.
E N D
Securing Information Transfer in Distributed Computing Environments AbdulRahman A. Namankani
What does it mean? Identity Information Identity Trust Domain Security Analysis Security Requirement A suggestive solution Conclusion Out Line
What does it mean? Securing Information Transfer in Distributed Computing Environment … A collection of loosely coupled processors interconnected by a communication network
Identity Information Cryptographic key Unsigned credentials Signed credentials Hypride credentials
User credentials High-Level Low-Level
Identity Trust Domain Presistent Mobile Shared
Call For a Solution Maintain data conf. Maintain data intg. Perform in a controlled manner Prevent the policies corruption Ensure the solution’s accountability and compliance with policy
Key Approches Policy-based encryptions Tamper-resistant hardware during the migration Use a third parties to provide a basis for trust, accountability and policy checking Audited access to data, based on stated policy
Terms • Security Policy • A statement of what is ,and what is not, allowed • Security Michanism • Methodes used to enforce the policy • Threat • A potential violation of security • Confidentiality: Keeping data and resources hidden • Integrity: Preventing unauthorized modification
Encryptions • Most computer encryption systems belong in one of two categories: • Symmetric-key encryption • Public-key encryption
TCG • Not-for-profit organization formed to • Develop • Define • and promote open standards for hardware-enabled trusted computing and security technologies, including hardware building blocks and software interfaces, across multiple platforms, peripherals, and devices.
TPM Trusted Platform Module Low-Cost TPMs are becoming commodities in business computing devices, laptops and desktops Act as a root of trust Used mainly to protect keys and other platform secrets and to exe cryptography operations
But … TCG specifications are based on a monolithic platform TPM is bounded to that platform Requires the platform owner to explicitly authorize credential migration to specific destination platform
A Policy-Driven Migration • Providing a mechanism to migrated user-credentials associated with policy that govern there use, security, accountability and privicy during the migration • Adding a Trusted Third Party (TTP) • Address the problem of not knowing the dest. in advance
Credential-Managment System (CMS) Security mechanism Running in local platform to protect credential Define how to migtrate data Also, adding a trusted HW for encryption And adding the policy mech. to ensure that the target meet the required policy to receive data and key
The Root of Trust CMS TPM
Policy Remotely verify the software state and identify the target platform as belonging to a known partner Migrate only within a given set of platforms Check for stated purposes for which data will be used in the new system TTP will be used as an interpreter for the policy
Putting things together .. We can relay on TCG protocols to migrate low-level user-credentials TPM act as a local credential and as a source for used authenticate TTP will be working as trusted authority and used to generate IBE decryption keys, the same entity as CMS
Summary What does it mean? Identity Information Identity Trust Domain Security Analysis Security Requirement A suggestive solution